Uber's new bug bounty could net hackers $10,000

Uber has announced a "bug bounty" that could see security researchers and white hat hackers paid thousands of dollars for finding bugs in its apps and systems.

Discovering a bug that would let someone deface Uber's homepage will net you $5,000 (£3,520), while critical issues such as remote code execution or a bug that could expose confidential information are worth up to $10,000 (£7,000).

The service, hosted on bug bounty site HackerOne, even includes a "loyalty reward" scheme designed to encourage the security community to "dig deep" and continue finding bugs in Uber's systems. The first bug bounty "season" will open on 1 May and last 90 days. Anyone who finds four or more bugs will be eligible for a 10 percent bonus on the payout for their bug. "This bug bounty program will help ensure that our code is as secure as possible," said Joe Sullivan, Uber's chief security officer. He added that the loyalty scheme would "encourage the security community to become experts" in Uber's code and keep finding more bugs.

In addition to the loyalty scheme, Uber has also created a "treasure map guide" to show security researchers how to find bugs across its codebase. The highest-quality submissions will also be published online as "the best examples" of what Uber is looking for.

The launch of a public bug bounty comes after Uber trialled a beta scheme that was open to 200 security researchers. The trial found nearly 100 bugs, Uber said, all of which had now been fixed.

Uber isn't the first firm to open a bug bounty program, but its loyalty scheme does go one step further than older programs run by Facebook, Google, Microsoft and Yahoo. Financial rewards for such programs can top $100,000, with Facebook paying out more than $3 million since its bug bounty was launched in 2011.

And it isn't just private companies looking to the security community to shore up their systems. Earlier this month the US military announced the 'Hack the Pentagon' initiative, the first ever program of its kind developed by the federal government.

US defence secretary Ashton Carter said the Hack the Pentagon initiative was designed to "strengthen our digital defences and ultimately enhance our national security".